2011 | OriginalPaper | Buchkapitel
Identity-Based Trace and Revoke Schemes
verfasst von : Duong Hieu Phan, Viet Cuong Trinh
Erschienen in: Provable Security
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Trace and revoke systems allow for the secure distribution of digital content in such a way that malicious users, who collude to produce pirate decoders, can be traced back and revoked from the system. In this paper, we consider such schemes in the identity-based setting, by extending the model of identity-based traitor tracing scheme by Abdalla et al. to support revocation.
The proposed constructions rely on the subset cover framework. We first propose a generic construction which transforms an identity-based encryption with wildcard
(WIBE)
of depth log(
N
) (
N
being the number of users) into an identity-based trace and revoke scheme by relying on the complete subtree framework (of depth log(
N
)). This leads, however, to a scheme with log(
N
) private key size (as in a complete subtree scheme). We improve this scheme by introducing generalized
WIBE (GWIBE)
and propose a second construction based on
GWIBE
of two levels. The latter scheme provides the nice feature of having constant private key size (3 group elements).
In our schemes, we also deal with advanced attacks in the subset cover framework, namely pirate evolution attacks
(PEvoA)
and pirates 2.0. The only known strategy to protect schemes in the subset cover framework against pirate evolution attacks was proposed by Jin and Lotspiech but decreases seriously the efficiency of the original schemes: each subset is expanded to many others subsets; the total number of subsets to be used in the encryption could thus be
O
(
N
1/
b
) to prevent a traitor from creating more than b generations. Our
GWIBE
based scheme, resisting
PEvoA
better than the Jin and Lotspiech’s method. Moreover, our method does not need to change the partitioning procedure in the original complete subtree scheme and therefore, the resulted schemes are very competitive compared to the original scheme, with
r
log(
N
/
r
) log
N
–size ciphertext and constant size private key.